fix: forgejo ip

hosts/fw/modules/dnsmasq.nix

@@ -102,6 +102,7 @@
         "/snapcast.cloonar.com/${config.networkPrefix}.97.21"
         "/lms.cloonar.com/${config.networkPrefix}.97.21"
         "/git.cloonar.com/${config.networkPrefix}.97.50"
+        "/forgejo.cloonar.com/${config.networkPrefix}.97.55"
         "/feeds.cloonar.com/188.34.191.144"
         "/nukibridge1a753f72.cloonar.smart/${config.networkPrefix}.100.112"
         "/allywatch.cloonar.com/${config.networkPrefix}.97.5"

hosts/fw/modules/forgejo.nix

@@ -20,6 +20,9 @@ in
   users.groups.forgejo = group;
 
   # Reuse the existing git.cloonar.com ACME cert from gitea.nix
+  security.acme.certs."forgejo.cloonar.com" = {
+    group = "nginx";
+  };
 
   containers.forgejo = {
     autoStart = false;  # Don't start until migration is complete
@@ -27,14 +30,15 @@ in
     privateNetwork = true;
     hostBridge = "server";
     hostAddress = "${networkPrefix}.97.1";
-    localAddress = "${networkPrefix}.97.51/24";  # Different from gitea's .50
+    localAddress = "${networkPrefix}.97.55/24";  # Different from gitea's .50
     bindMounts = {
       "/var/lib/forgejo" = {
         hostPath = "/var/lib/forgejo/";
         isReadOnly = false;
       };
       "/var/lib/acme/forgejo/" = {
-        hostPath = config.security.acme.certs.${domain}.directory;
+        # hostPath = config.security.acme.certs.${domain}.directory;
+        hostPath = config.security.acme.certs."forgejo.cloonar.com".directory;
         isReadOnly = true;
       };
       "/run/secrets/forgejo-mailer-password" = {

hosts/fw/modules/web/proxies.nix

@@ -7,6 +7,15 @@
       proxyPass = "https://git.cloonar.com/";
     };
   };
+  services.nginx.virtualHosts."forgejo.cloonar.com" = {
+    forceSSL = true;
+    enableACME = true;
+    acmeRoot = null;
+    locations."/" = {
+      proxyPass = "http://${config.networkPrefix}.97.55:3001/";
+      proxyWebsockets = true;
+    };
+  };
   services.nginx.virtualHosts."foundry-vtt.cloonar.com" = {
     forceSSL = true;
     enableACME = true;